14:15:44 <haraldh> #startmeeting Fedora Base Design Working Group (2015-08-31)
14:15:45 <zodbot> Meeting started Mon Aug 31 14:15:44 2015 UTC.  The chair is haraldh. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:15:45 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
14:15:49 <haraldh> #meetingname  Fedora Base Design Working Group
14:15:49 <zodbot> The meeting name has been set to 'fedora_base_design_working_group'
14:15:57 <haraldh> #chair haraldh msekleta jreznik dgilmore vpavlin masta lnykryn
14:15:57 <zodbot> Current chairs: dgilmore haraldh jreznik lnykryn masta msekleta vpavlin
14:16:07 <haraldh> ping msekleta jreznik dgilmore vpavlin masta lnykryn
14:16:17 <vpavlin> Good afternoon
14:16:17 <lnykryn> hello everyone
14:16:19 <jreznik> hey haraldh
14:16:25 <haraldh> hi
14:16:26 <masta> hello folks
14:16:46 <jreznik> on the call, so might not be completely responsive today...
14:17:50 <haraldh> So, I hope in this meeting Brendan Conoboy will join us
14:17:56 <bconoboy> good morning
14:17:59 <haraldh> hey
14:18:01 <haraldh> cool :)
14:18:03 <haraldh> there you are
14:18:23 <haraldh> So, bconoboy is leading the RHEL.next initiative
14:18:24 * linux-modder observing
14:18:33 * bconoboy bows
14:18:44 <haraldh> and part of that is of course RHEL.base
14:18:58 <haraldh> which might be in line with Fedora.base
14:19:26 <haraldh> so, Brendan, do you want to introduce yourself even more?
14:19:32 <bconoboy> sure
14:19:52 <dgilmore> hi, I am on another meeting also
14:20:13 <bconoboy> Some of you might remember me from the fedora-arm pushes in the past.  My new gig is making rhel as a whole better which I think generally starts with making fedora better
14:21:19 <bconoboy> I'm keenly interested in starting to distinguish what is the operating system from what are the applications running on it.  When you do that you create opportunities to have different policies for the constituent parts.
14:21:40 <bconoboy> To me, this is part of what rings is about
14:22:01 <bconoboy> When people talk about ring 0, I think of it as "the operating system ring"
14:22:28 <bconoboy> Which is to say, all the stuff that uniquely identifies the OS in a way that is quite distinct from release to release
14:22:44 <bconoboy> But perhaps I'm getting ahead of myself- haraldh?
14:22:51 <haraldh> no, all fine
14:22:53 <bconoboy> OK
14:23:24 <bconoboy> So the OS release is basically the set of APIs and ABIs that all programs can rely upon to be stable
14:23:36 <bconoboy> Things like glibc, gcc
14:23:57 <bconoboy> These tend to not rebase during the lifetime of the OS, or when they do they have very strict rebase rules
14:24:23 <bconoboy> In contrast, software like firefox, thunderbird, gimp- those aren't really part of the OS, they're part of the distribution
14:24:37 <bconoboy> A distribution is the OS and its apps
14:24:52 <haraldh> #topic OS and Apps
14:24:54 <haraldh> If you look at other OSes, the line between apps and the OS even includes GUI elements
14:25:06 * odonell waves
14:25:25 <bconoboy> Yes, in general I think the GUI doesn't belong in ring 0, but it's arguable
14:25:46 <linux-modder> bconoboy,  agree there
14:25:56 <haraldh> sure, because other OSes can't even run without the UI
14:26:05 <masta> discussion of what goes into ring0 always seems to head into the weeds.
14:26:13 <bconoboy> I think ring 0 is roughly the kernel, glibc, systemd, bash, coreutils, gcc (due to libgcc in part), and those packages which are required to get a clean repoclosure
14:26:30 <bconoboy> Our goal should be to minimize what makes it into ring 0
14:26:36 <odonell> A clean repoclosure under --with bootstrap right?
14:26:45 <odonell> Otherwise that closure is huge.
14:26:55 <bconoboy> The closure is huge, but it's an objective
14:27:16 <bconoboy> Today I think you can realistically say "Fedora is Ring 1"
14:27:30 <mjw> How many rings are there?
14:27:30 <bconoboy> So we're trying to clave off a piece of ring 1, called ring 0, which has a higher standard
14:27:35 <bconoboy> mjw: 1
14:27:52 <mjw> ah, and we want to have 2?
14:28:04 <bconoboy> We want to have more than 2, but you have to build
14:28:59 <bconoboy> In the interest of full disclosure I'm primarily interested in ring 0, but I think ring 2, 3, etc are all sensible, as envs&stacks identifies developer communities who need different policies in order to make fedora their preferred development environment
14:29:31 <bconoboy> I'm interested in ring 0 because it feeds directly into my day job, but I'm intersted in rings in general because they seem like a good way to expand the reach of fedora
14:29:56 <bconoboy> A few additional thoughts:
14:30:06 <odonell> Like a Fedora Ring 0 for ARM should fit into smaller dev boards?
14:30:13 <mjw> Any connection to the "levels" in RHEL? https://access.redhat.com/articles/rhel-abi-compatibility (which defines level 1, 2 and 4 - yes, 3 is skipped)?
14:30:41 <vpavlin> Problem with ring 2 & 3 is they are not the same rings as 0 & 1 - which can have quite clearly defined borders...2 & 3 are more like bubbles containing specific stacks, frameworks etc.
14:30:42 <bconoboy> When we talk about what package goes in what ring we're talking about source rpms, not subpackages- we need libgcc because it's linked into everything, so gcc the whole shebang goes into ring 0
14:31:07 * odonell nods
14:31:10 <bconoboy> odonell: That's one of the reasons why ring 0 should pass repoclosure, you should be able to make an install out of it
14:31:36 <odonell> bconoboy: Certainly.
14:31:37 <bconoboy> really what makes sense to me is that any architecture has a "base" install image, but that's another topic
14:31:51 <odonell> bconoboy: The pedantic problem with that is that docs requires texinfo which requires the whole OS.
14:32:02 <bconoboy> Additionally, ring 0's source rpms do *not* need to pass repoclosure, it's OK for BuildRequires to hang out in ring 1
14:32:17 <odonell> Oh really?
14:32:23 <bconoboy> Not practical otherwise.
14:32:38 <bconoboy> I mean, it's a goal, but we won't get there anytime soon.
14:32:49 <odonell> I'm happy with that. But it means you need ring1 to build ring0 so it's not-self-hosted?
14:32:51 <bconoboy> Because 'make' doesn't belong in ring 0
14:33:03 <odonell> So to be clear Ring 0 is not self-hosted?
14:33:17 <odonell> That is not a goal.
14:33:18 <masta> ok, so ring0 will contain the tools to build ring0? (just want to be clear)
14:33:25 <masta> err.. will NOT
14:33:30 <odonell> :}
14:33:33 <bconoboy> Right
14:33:39 * odonell is happy with that.
14:33:56 <lnykryn> so ring 0 is minimal installation?
14:34:02 <masta> so ring0 is not self hosting.
14:34:02 <bconoboy> Not exactly
14:34:09 <bconoboy> Ring 0 contains a minimal installation.
14:34:17 <bconoboy> But there is more than the minimal installation in ring 0
14:34:38 <bconoboy> For instance, you don't have to install gcc-c++, but it is in ring 0 since it is also a subpackage of gcc.
14:35:01 <mjw> ?
14:35:17 <bconoboy> And gcc has to be in ring 0 because it contains libgcc which is part of the minimal installation.
14:35:29 <haraldh> why is that?
14:35:30 <mjw> I would have expected libstdc++ to be in ring 0, who also gcc-c++?
14:35:32 <masta> hopefully weak dependencies can provide some relief here.
14:35:49 <bconoboy> It's like I said earlier, source packages are in rings, not subpackages.
14:36:01 <haraldh> mk
14:36:01 <mjw> O, hmmm, I guess because it is part of the src rpm. So any binary package from a source rpm in ring 0 is also in ring 0?
14:36:03 <bconoboy> Gcc provides a subpackage that needs to be in ring 0, so all of gcc is in ring 0.  It's an atomic unit.
14:36:12 <bconoboy> mjw: Exactly
14:36:27 <bconoboy> If you're wondering about libgcc, run ldd on any shared executable, you'll find it is linked to libgcc.
14:36:40 <haraldh> why do want it to be that way?
14:36:50 <mjw> At least it is an easy definition :) But you won't get anything minimal with that.
14:36:52 <haraldh> any legal thing?
14:36:58 <bconoboy> It's purely technical
14:37:12 <haraldh> mjw, well you don't have to install everything
14:37:13 <haraldh> right?
14:37:18 <haraldh> it's just in the repo
14:37:25 <haraldh> but maybe not in the install sezt
14:37:27 <bconoboy> If you have some subpackages in ring0 and others in ring1, whose policies apply?  You have to have a single policy per source rpm.
14:37:28 <haraldh> set
14:37:38 <mjw> aha, ring 0 is the repo, not the install set.
14:37:46 <bconoboy> Yes, ring 0 is a repo, not an install set.
14:37:57 * odonell likes that conceptual model
14:38:00 <bconoboy> I should have said that ;-)
14:38:37 <bconoboy> Unfortunately I have to hop on the phone in a moment, but that's the basic idea
14:38:57 <odonell> So what about boot loaders, firmware signers, etc?
14:39:14 <bconoboy> If you need it to boot, it's in.  If you need it to pass repoclosure, it's in.
14:39:23 <bconoboy> Oh, that reminds me
14:39:39 <bconoboy> Ring 0 also includes the machinery to update/install additional packages.
14:39:51 <haraldh> installer? (anaconda)
14:40:06 <odonell> That's install, not boot through?
14:40:19 <mjw> rpm, dnf, python...
14:40:32 <bconoboy> I would lean toward anaconda being ring 0 for the same reason kernel is ring 0
14:40:42 * odonell notes that matthew miller wrote "Not self-hosted" for ring0 in his July 2013 writeup.
14:40:43 <bconoboy> Even though you can rebase it, it's part of the elementary distribution
14:41:07 <bconoboy> A few other question marks: Authentication, logging, auditing
14:41:21 <bconoboy> Anyway, I have to hop on the phone, but will follow along as I'm able.
14:41:26 <haraldh> HW support... Boot from network disks?
14:42:11 <bconoboy> What's special about network disks? iscsi?
14:42:26 <haraldh> well, are the tools part of Ring0?
14:42:37 <bconoboy> Not if you can avoid it.
14:42:52 <bconoboy> You need make, but you don't need it in ring 0.  The distribution will boot fine without it.
14:42:56 <haraldh> lvm, device-mapper?
14:43:00 <bconoboy> lvm, yes
14:43:03 <bconoboy> device-mapper, yes
14:43:11 <bconoboy> I would be surprised if you could install without them.
14:43:12 <haraldh> why lvm and not iSCSI?
14:43:19 <haraldh> well, of course you can
14:43:44 <haraldh> my system is all btrfs, e.g.
14:43:46 <msekleta> I don't use them, never :)
14:44:07 <masta> here we go into weeds
14:44:09 <haraldh> and xfs and ext4 don't need LVM also
14:44:12 <haraldh> masta, yes :)
14:44:14 <haraldh> sure
14:44:29 <haraldh> just trying to find out a general rule of thumb where to draw the line
14:44:44 <haraldh> so, that it can be expressed in some document
14:45:22 <msekleta> regardless, who uses what, lvm is still default in Fedora as installed by anaconda IIRC
14:45:39 <mjw> no iscsi? hmmm. I do use that.
14:45:46 <haraldh> as is iSCSI support
14:46:01 <haraldh> and NFS for installation source
14:46:21 <bconoboy> Ring 0 should basically include the technologies needed for Fedora's supported installation/boot methods
14:46:33 <mjw> (not saying that what I happen to use should go into ring 0, just surprised anybody would think of not including it, that is just surprising)
14:48:04 <haraldh> ok, so, it's all tools needed for installation on the supported methods and of course booting from it
14:49:01 <haraldh> and maybe also for maintenance of this destinations
14:49:03 <bconoboy> (I would expect iscsi to be in there)
14:50:36 <haraldh> bconoboy, any rule of thumb for additional tools like "bash" vs "zsh"
14:50:42 <haraldh> or emacs vs vi?
14:51:09 <haraldh> bconoboy, do you have any idea, what qualifies it to be Ring0?
14:51:12 <lnykryn> Is there a relation between ring 0 and critical path packages?
14:51:48 <bconoboy> haraldh: I'd put bash in, not zsh but it's arguable
14:51:49 <haraldh> https://fedoraproject.org/wiki/Critical_path_package
14:52:13 <haraldh> lnykryn, graphics
14:52:20 <haraldh> compose new trees
14:52:20 <haraldh> compose live
14:52:25 <lnykryn> those in in sub comps
14:52:49 <hhorak> lnykryn: I'd say generally not, there can be packages from both ring 0 and 1 in critical path and not all packages from ring 0 will be in critical path
14:55:22 <haraldh> bconoboy, this is what we defined so far: https://fedoraproject.org/wiki/Base "What is Base"
14:55:25 <bconoboy> To same extent we really just need a compose that has what we think minimally goes into ring 0 and see how big it is, what automatically comes in, and if we think that hsould be out
14:55:36 <hhorak> well, maybe ring0 can be one of the critical path.. (after reading the wiki article, I didn't know there are so many of them)
14:56:00 <masta> we want ring0 composes?
14:56:10 <bconoboy> I think it makes sense to have ring0 be synonymous with base
14:56:15 <masta> or just a repo generated?
14:57:19 <bconoboy> it depends whether base wants to start producing images
14:57:42 <linux-modder> admittedly  in the deep end for me  but a repo sounds like a  good idea
14:59:40 <bconoboy> Having a base (ring 0) repo would be good for the partial demotion of i686 for instance.
15:00:16 <masta> I dunno... I think of ring0 as more of a compos group, but whatever...
15:00:30 <bconoboy> Adding a wee bit of context...
15:00:31 <masta> err.. comps.xml group
15:01:02 <bconoboy> At flock we talked about moving all the secondary architectures to the primary koji system.  It simplifies things a great deal for RCM and provides a sensible way to handle i686 psueo-demotion
15:01:23 <bconoboy> The question is "What if none of the versions of fedora want that architecture as blocking?"
15:01:26 <masta> yes, that would simplify things
15:01:36 <bconoboy> I think base provides a minimal level of sanity for all architectures.
15:01:46 <bconoboy> A minimal install, a smaller compose
15:01:57 * masta thinks of epel for aarch64 and ppc64le, and more things....
15:02:01 <bconoboy> To get into the fedora koji build system you need to pass that threshold
15:02:50 <bconoboy> And having the ring 0 / ring 1 policy split means that packages that remain in ring 1 can have a more flexible policy with architecture specific rules.
15:04:49 <haraldh> ok
15:05:02 <haraldh> that makes sense from the rel-eng stand point
15:05:14 <haraldh> repoclosure
15:05:57 <haraldh> no worries about rebuilding everything with the new gcc except base/ring-0
15:06:01 <haraldh> in the first run
15:06:06 <haraldh> to s.th. to test
15:06:26 <haraldh> and then run it on different release cycles
15:07:01 <haraldh> also copr + ring0 repo
15:08:27 <haraldh> but then again, for installation you need more than ring0, if you want to do it graphically
15:08:37 <masta> right
15:08:38 <haraldh> so, that's off the table?
15:08:53 <haraldh> only text or automated installs with ring0
15:09:09 <masta> that's the implication
15:10:36 <bconoboy> worth debating- I'd hate to exclude common install methods, it seems fundamental somehow
15:11:40 <haraldh> well, it's like BuildRequires
15:11:49 <haraldh> InstallRequires :)
15:11:55 <bconoboy> heh
15:11:57 <masta> hehe =)
15:12:13 <bconoboy> The question I'm always asking myself is "Is this something the OS does, or is it an application?"
15:12:19 <haraldh> I would rather not include X11 or wayland
15:12:20 <bconoboy> Graphical install seems like something an OS does.
15:12:30 <bconoboy> But not always
15:12:37 <haraldh> well, then you would have to include Gnome
15:13:10 <masta> well I consider the installer a separate OS situation, almost like a layer, env, stack, or whatever...
15:13:17 <haraldh> and what if someone has a KDE installer for his KDE spin?
15:15:05 <masta> ok we are near the end of this meeting
15:15:14 <masta> seems to be fizzling out
15:15:20 <haraldh> yeah
15:15:23 <masta> shall we pick it up next week?
15:15:27 <haraldh> yes
15:15:31 <masta> ok
15:15:45 <masta> bconoboy: thanks for heading in here and discussing stuff.
15:15:47 <haraldh> I'll create a wiki page
15:15:55 <haraldh> bconoboy, yep, thanks a lot
15:16:17 <bconoboy> np- I should be generally available in future weeks.  thanks guys!
15:16:21 <haraldh> #endmeeting